Paper 2012/207

Cryptanalysis of Hummingbird-2

Kai Zhang, Lin Ding, and Jie Guan

Abstract

Hummingbird is a lightweight encryption and message authentication primitive published in RISC’09 and WLC’10. In FSE’11, Markku-Juhani O.Saarinen presented a differential divide-and-conquer method which has complexity upper bounded by 264 operations and requires processing of few megabytes of chosen messages under two related nonces (IVs). The improved version, Hummingbird-2, was presented in RFIDSec 2011. Based on the idea of differential collision, this paper discovers some weaknesses of the round function WD16 combining with key loading algorithm and we propose a related-key chosen-IV attack which can recover the full secret key. Under 24 pairs of related keys, the 128 bit initial key can be recovered, with the computational complexity of O(232.6) and data complexity of O(232.6). The result shows that the Hummingbird-2 cipher can’t resist related key attack.

Note: We found some small mistakes in the old version of our paper so we withdraw this paper and revise it later.